General
Target
36f9c1b4537ea7764f2de77f4264676eb213ad2a56b8e4cc4ec65488c3234488
Size
12.9MB
Sample
220511-3arhsacfe3
MD5
d6c42156c6c44da64fe062891eb5aa17
SHA1
7fe05a8589a45d70d8c19f39b1d7c53390648e83
SHA256
36f9c1b4537ea7764f2de77f4264676eb213ad2a56b8e4cc4ec65488c3234488
SHA512
bb2002558c38c9f87a01c082f0c4d9d665400d8e834b4f34eaa200dcfe008670005d702d647698723de1db0cd3f517158b2b0f6b55a451dd62a64eb1915b038b
Static task
static1
Behavioral task
behavioral1
Sample
36f9c1b4537ea7764f2de77f4264676eb213ad2a56b8e4cc4ec65488c3234488.exe
Resource
win7-20220414-en
Malware Config
Extracted
raccoon
c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
url4cnc
https://telete.in/jbitchsucks
Targets
Target
36f9c1b4537ea7764f2de77f4264676eb213ad2a56b8e4cc4ec65488c3234488
Modifies security service
Raccoon Stealer Payload
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Suspicious use of SetThreadContext